Dell PowerSwitch S4112F-ON OS10 Enterprise Edition User Guide Release 10.4.1.0 - Page 519
User re-authentication, Password strength, Role-based access control
View all Dell PowerSwitch S4112F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 519 highlights
aaa authentication login default local aaa authentication login console local User re-authentication To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to reauthenticate by logging in again when an authentication method or server changes, such as: • Adding or removing a RADIUS server (radius-server host command) • Adding or removing an authentication method (aaa authentication login {console | default} {local | group radius | group tacacs+} command) You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in users are logged out of the switch and all OS10 sessions are terminated. By default, user re-authentication is disabled. Enable user re-authentication • Enable user re-authentication in CONFIGURATION mode. aaa re-authenticate enable Enter the no form of the command to disable user re-authentication. Password strength By default, the password you configure with the username password command must be at least nine alphanumeric characters. To increase password strength, you can create password rules using the password-attributes command. When you enter the command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required. • Create rules for stronger passwords in CONFIGURATION mode. password-attributes {[min-length number] [character-restriction {[upper number] [lower number][numeric number] [special-char number]}} - min-length number - Enter the minimum number of required alphanumeric characters (6 to 32; default 9). - character-restriction - Enter a requirement for the alphanumeric characters in a password: ◦ upper number - Minimum number of uppercase characters required (0 to 31; default 0). ◦ lower number - Minimum number of lowercase characters required (0 to 31; default 0). ◦ numeric number - Minimum number of numeric characters required (0 to 31; default 0). ◦ special-char number - Minimum number of special characters required (0 to 31; default 0). Create password rules OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2 Display password rules OS10(config)# do show running-configuration password-attributes password-attributes min-length 7 character-restriction upper 4 numeric 2 Role-based access control RBAC provides control for access and authorization. Users are granted permissions based on defined roles - not on their individual system user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single System management 519